Security and risk management leaders today face unprecedented challenges as they strive to support the business through the digital transformation journey, while minimizing the risk and potential negative business impact from increasing digital operations. While some of these risk areas seem straightforward or business-as-usual, the reality is that the ways in which organizations need to manage these risks and work across organizational silos in business, risk management and security is drastically different than it was in the past. This shift is reflected in emerging trends in security and risk management.
Over the past several weeks our "Perspectives" blog series has provided a deeper dive into some of our own analysis of the security and risk management trends described in the Gartner Top Security and Risk Management Trends research note.1 RSA perspectives focused on four key areas of digital risk—cyber attacks, third parties, workforce transformation, and cloud security Throughout the series we've provided our views on growing risks brought on by digital transformation, and on the importance of connecting security and risk management to address digital risk.
The RSA perspective on managing cyber attack risk is that while reinvestment and advanced SOC capabilities are important for organizations to be prepared to manage a cyber incident, it is just as important to ensure that the SOC analyst can prioritize alerts based on which ones represent the biggest impact to the business. Additionally, building a bridge between the technical aspects in the SOC and business response workflows is critical to ensure that incident response is a cross-functional effort. The goal is minimizing the business impact, as much as it is stopping the attack.
Risk domains like business resiliency, compliance and data privacy all have the potential to be impacted by relationships with third parties; that's why it's so critical to understand the risk third parties pose. Organizations can better manage the increasing third-party risk that comes with digital transformation by aligning corporate strategies and risk appetite, prioritizing risks and communicating in business terms. This helps ensure business leaders, along with security and risk management leaders, understand the level of risk they are willing to accept when engaging third parties.
Today's workforce is more dynamic than ever before, with nearly 36% of US workers participating in the gig economy in some capacity, according to Gallup. Managing the risks associated with such a distributed and diverse workforce is increasingly difficult. Providing quick and easy access to the resources, data and tools that users need to do their job whenever, however they want is critical to thrive in this digital economy, and so is securing that access. From the RSA perspective, applying a risk-based approach, incorporating user and entity behavior analytics (UEBA), and considering threat intelligence and fraud intelligence are all critical to make real-time access decisions to thwart attacks related to the dynamic workforce. In addition, integrating UEBA with multi-factor authentication to get insights into what users are doing with their access can further enhance security while minimizing friction for users.
Securing cloud resources is an increasingly important area of digital risk to tackle, especially because there is a shared responsibility for security in and to the cloud. Increasing security visibility in the cloud is critical, as is managing access to cloud resources and data. RSA also strongly recommends security and risk management leaders leverage frameworks to measure cloud risk and how well prepared an organization is to manage it--especially as the skills gap continues to intensify.
Risks continue to increase in number and magnitude as organizations grow their digital footprints. Security and risk management leaders should be aware of trends across these risk areas and understand how to implement strategies and tools to mitigate these risks. Connecting across traditional silos in security and risk management is also imperative to successfully address risks that have the potential to impact both.
1 GartnerTop Security and Risk Management Trends, Peter Firstbrook, Brian Reed, Sam Olyaei, Gorka Sadowski, David Mahdi, Prateek Bhajanka, Earl Perkins, Published 31 January 2019
# # #
For more RSA perspectives on top trends in security and risk management, view a webcast hosted by Ben Desjardins, vice president of product marketing for RSA, and featuring a panel of expert guests presenting their perspectives on the Gartner Top Security and Risk Management Trends1 research note.
Join the #TalkingDigitalRisk conversation on Twitter and social media by following @RSAsecurity